FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

py-amf -- input sanitization errors

Affected packages
py27-amf < 0.8.0
py32-amf < 0.8.0
py33-amf < 0.8.0
py34-amf < 0.8.0

Details

VuXML ID: 1fbd6db1-a4e4-11e5-b864-14dae9d210b8
Discovery: 2015-12-01
Entry: 2015-12-17

oCERT reports:

A specially crafted AMF payload, containing malicious references to XML external entities, can be used to trigger Denial of Service (DoS) conditions or arbitrarily return the contents of files that are accessible with the running application privileges.

References

CVE Name: CVE-2015-8549
URL: http://www.ocert.org/advisories/ocert-2015-011.html
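
An added illustration (not part of this VuXML entry, the oCERT advisory, or PyAMF's code) of the kind of input check relevant to the issue oCERT describes: refusing DOCTYPE and entity declarations in untrusted XML before an entity-resolving parser handles it. It uses Python's standard-library expat bindings; the names `UnsafeXML`, `assert_safe_xml` and `classify` and the sample documents are constructed for this example.

```python
import xml.parsers.expat


class UnsafeXML(ValueError):
    """Untrusted XML carried a DTD or entity construct, or was malformed."""


def _reject(kind):
    # Build an expat callback that aborts parsing as soon as it fires.
    def handler(*_args):
        raise UnsafeXML(f"{kind} not allowed in untrusted XML")
    return handler


def assert_safe_xml(data: bytes) -> None:
    """Scan `data` with expat; raise UnsafeXML before any entity is resolved."""
    parser = xml.parsers.expat.ParserCreate()
    # An exception raised inside a handler propagates out of Parse().
    parser.StartDoctypeDeclHandler = _reject("DOCTYPE declaration")
    parser.EntityDeclHandler = _reject("entity declaration")
    parser.UnparsedEntityDeclHandler = _reject("unparsed entity declaration")
    parser.ExternalEntityRefHandler = _reject("external entity reference")
    try:
        parser.Parse(data, True)
    except xml.parsers.expat.ExpatError as exc:
        raise UnsafeXML(f"malformed XML: {exc}") from exc


def classify(data: bytes) -> str:
    """Return 'accepted' or 'rejected: <reason>' for one XML document."""
    try:
        assert_safe_xml(data)
    except UnsafeXML as exc:
        return f"rejected: {exc}"
    return "accepted"


# Constructed sample inputs (placeholder path, tiny entity nesting).
BENIGN = b"<profile><name>alice</name></profile>"
EXTERNAL_ENTITY = (b'<?xml version="1.0"?><!DOCTYPE p [<!ENTITY x SYSTEM '
                   b'"file:///EXAMPLE/placeholder">]><p>&x;</p>')
NESTED_ENTITY = b'<!DOCTYPE p [<!ENTITY a "aa"><!ENTITY b "&a;&a;">]><p>&b;</p>'
TRUNCATED = b"<profile><name>alice</name>"

if __name__ == "__main__":
    for sample in (BENIGN, EXTERNAL_ENTITY, NESTED_ENTITY, TRUNCATED):
        print(classify(sample))
```

The check runs on the raw XML string taken from the decoded payload, before that string is handed to whichever XML library builds the document tree.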